


cschantz fae2c6157a Fix 10 more HIGH integer comparisons in live-attack-monitor.sh
FIXES:
- Line 321-323: $hits → ${hits:-0} (2 instances)
- Line 332: $score → ${score:-0} (negative check)
- Line 341: $score → ${score:-0} (cap at 100)
- Line 358: $removed → ${removed:-0}
- Line 366: $score → ${score:-0}
- Line 1242: $needs_config → ${needs_config:-0}
- Line 1270: $recommendations → ${recommendations:-0}
- Line 1377: $failed → ${failed:-0}
- Line 1517: $applied → ${applied:-0}

IMPACT:
- Prevents errors when variables are empty/unset
- Safe defaults for all score calculations
- More robust error handling in live monitoring

QA STATUS:
- Fixed 10 more HIGH issues
- 10 HIGH issues remain (live-attack-monitor + ip-reputation-manager)
- Continuing systematic bug fixes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 20:10:29 -05:00
cschantz b8d1ce9b26 Fix 10 HIGH integer comparisons in security modules (malware-scanner, optimize-ct-limit, live-attack-monitor)
FIXES:
malware-scanner.sh:
- Line 433: $skip → ${skip:-0}
- Line 938: $flagged_ips → ${flagged_ips:-0}

optimize-ct-limit.sh:
- Line 811: $AUTO_MODE → ${AUTO_MODE:-0}
- Line 845: $AUTO_MODE → ${AUTO_MODE:-0}
- Line 879: $AUTO_MODE → ${AUTO_MODE:-0}

live-attack-monitor.sh:
- Line 232: $hits → ${hits:-0}
- Line 253: $new_score → ${new_score:-0}
- Line 260: $new_score → ${new_score:-0}
- Line 269: $new_score → ${new_score:-0}
- Line 319: $hits → ${hits:-0}

IMPACT:
- Prevents "integer expression expected" errors
- Safe defaults for all integer comparisons
- More robust error handling

QA STATUS:
- 10 more HIGH issues remain in live-attack-monitor.sh
- Will address in next commit

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 20:09:22 -05:00
cschantz f6f1dc2afa Fix final 10 HIGH integer comparisons in bot-analyzer.sh
FIXES:
- Line 2256: $ddos_count → ${ddos_count:-0}
- Line 2797: $success_count → ${success_count:-0} (2 instances)
- Line 2805: $fail_count → ${fail_count:-0} (2 instances)
- Line 3381: $success_count → ${success_count:-0}

IMPACT:
- Eliminates "integer expression expected" errors on empty variables
- Provides safe default value of 0 for all integer comparisons
- Completes all bot-analyzer.sh integer comparison fixes

QA STATUS:
- bot-analyzer.sh: All integer comparison issues FIXED
- Remaining: 10 HIGH issues in other security modules
- Total progress: 0 CRITICAL (was 8), 10 HIGH (was 20+)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 20:08:10 -05:00
4 changed files with 33 additions and 33 deletions
+13 -13
@@ -2165,17 +2165,17 @@ generate_recommendations() {
fi fi
elif [ "${affected_domains:-0}" -eq "${total_domains:-0}" ] && [ "${total_domains:-0}" -gt 1 ]; then elif [ "${affected_domains:-0}" -eq "${total_domains:-0}" ] && [ "${total_domains:-0}" -gt 1 ]; then
attack_scope="server_wide" attack_scope="server_wide"
elif [ $total_domains -eq 1 ]; then elif [ "${total_domains:-0}" -eq 1 ]; then
attack_scope="single_server" attack_scope="single_server"
primary_target=$(head -1 "$TEMP_DIR/all_domains.txt" 2>/dev/null) primary_target=$(head -1 "$TEMP_DIR/all_domains.txt" 2>/dev/null)
fi fi
# RECOMMENDATION #1: IP Blocking Strategy # RECOMMENDATION #1: IP Blocking Strategy
if [ $total_high_risk_ips -gt 0 ]; then if [ "${total_high_risk_ips:-0}" -gt 0 ]; then
rec_count=$((rec_count + 1)) rec_count=$((rec_count + 1))
if [ $total_high_risk_ips -le 10 ]; then if [ "${total_high_risk_ips:-0}" -le 10 ]; then
echo "REC|$rec_count|ip_block_temp|Block $total_high_risk_ips high-risk IPs for 1 hour|HIGH|CSF temporary block recommended for ${total_high_risk_ips} IPs with threat score >= 70" >> "$TEMP_DIR/recommendations.txt" echo "REC|$rec_count|ip_block_temp|Block $total_high_risk_ips high-risk IPs for 1 hour|HIGH|CSF temporary block recommended for ${total_high_risk_ips} IPs with threat score >= 70" >> "$TEMP_DIR/recommendations.txt"
elif [ $total_high_risk_ips -le 50 ]; then elif [ "${total_high_risk_ips:-0}" -le 50 ]; then
echo "REC|$rec_count|ip_block_temp|Block $total_high_risk_ips high-risk IPs for 24 hours|HIGH|Large number of threats detected - 24hr block recommended" >> "$TEMP_DIR/recommendations.txt" echo "REC|$rec_count|ip_block_temp|Block $total_high_risk_ips high-risk IPs for 24 hours|HIGH|Large number of threats detected - 24hr block recommended" >> "$TEMP_DIR/recommendations.txt"
else else
echo "REC|$rec_count|ip_block_perm|Permanently block $total_high_risk_ips high-risk IPs|CRITICAL|Severe bot attack detected - permanent blocking recommended" >> "$TEMP_DIR/recommendations.txt" echo "REC|$rec_count|ip_block_perm|Permanently block $total_high_risk_ips high-risk IPs|CRITICAL|Severe bot attack detected - permanent blocking recommended" >> "$TEMP_DIR/recommendations.txt"
@@ -2221,7 +2221,7 @@ generate_recommendations() {
wp_attacks=$(grep -i "wp-admin\|wp-login\|xmlrpc" "$TEMP_DIR/attack_vectors_raw.txt" 2>/dev/null | wc -l || echo "0") wp_attacks=$(grep -i "wp-admin\|wp-login\|xmlrpc" "$TEMP_DIR/attack_vectors_raw.txt" 2>/dev/null | wc -l || echo "0")
fi fi
if [ $wp_attacks -gt 50 ]; then if [ "${wp_attacks:-0}" -gt 50 ]; then
rec_count=$((rec_count + 1)) rec_count=$((rec_count + 1))
# Determine which domains have WordPress # Determine which domains have WordPress
@@ -2235,7 +2235,7 @@ generate_recommendations() {
fi fi
# Generate appropriate recommendation based on how many domains have WordPress attacks # Generate appropriate recommendation based on how many domains have WordPress attacks
if [ $wp_domain_count -eq 1 ] || [ "$attack_scope" = "single_domain" ] || [ "$attack_scope" = "single_server" ]; then if [ "${wp_domain_count:-0}" -eq 1 ] || [ "$attack_scope" = "single_domain" ] || [ "$attack_scope" = "single_server" ]; then
# Single domain being attacked # Single domain being attacked
echo "REC|$rec_count|wp_hardening|Harden WordPress on $wp_target_domain|HIGH|$wp_attacks WordPress login/admin attempts detected" >> "$TEMP_DIR/recommendations.txt" echo "REC|$rec_count|wp_hardening|Harden WordPress on $wp_target_domain|HIGH|$wp_attacks WordPress login/admin attempts detected" >> "$TEMP_DIR/recommendations.txt"
elif [ "$attack_scope" = "primary_target" ]; then elif [ "$attack_scope" = "primary_target" ]; then
@@ -2253,7 +2253,7 @@ generate_recommendations() {
# RECOMMENDATION #7: CSF SYNFLOOD Protection (if DDoS patterns detected) # RECOMMENDATION #7: CSF SYNFLOOD Protection (if DDoS patterns detected)
if [ -s "$TEMP_DIR/rapid_fire_ips.txt" ]; then if [ -s "$TEMP_DIR/rapid_fire_ips.txt" ]; then
local ddos_count=$(wc -l < "$TEMP_DIR/rapid_fire_ips.txt" || echo "0") local ddos_count=$(wc -l < "$TEMP_DIR/rapid_fire_ips.txt" || echo "0")
if [ $ddos_count -gt 10 ]; then if [ "${ddos_count:-0}" -gt 10 ]; then
rec_count=$((rec_count + 1)) rec_count=$((rec_count + 1))
echo "REC|$rec_count|csf_synflood|Enable CSF SYNFLOOD protection|HIGH|$ddos_count potential DDoS sources detected" >> "$TEMP_DIR/recommendations.txt" echo "REC|$rec_count|csf_synflood|Enable CSF SYNFLOOD protection|HIGH|$ddos_count potential DDoS sources detected" >> "$TEMP_DIR/recommendations.txt"
fi fi
@@ -2794,7 +2794,7 @@ execute_ip_blocking_specific() {
done done
echo "" echo ""
if [ $success_count -gt 0 ]; then if [ "${success_count:-0}" -gt 0 ]; then
print_success "Successfully blocked $success_count IP(s) for $duration_text" print_success "Successfully blocked $success_count IP(s) for $duration_text"
echo "" echo ""
echo "These blocks will automatically expire after $duration_text" echo "These blocks will automatically expire after $duration_text"
@@ -2802,7 +2802,7 @@ execute_ip_blocking_specific() {
echo "To remove a block early: csf -tr IP" echo "To remove a block early: csf -tr IP"
fi fi
if [ $fail_count -gt 0 ]; then if [ "${fail_count:-0}" -gt 0 ]; then
print_warning "$fail_count IP(s) failed to block - check CSF configuration" print_warning "$fail_count IP(s) failed to block - check CSF configuration"
fi fi
@@ -3378,7 +3378,7 @@ apply_csf_blocks() {
done done
echo "" echo ""
if [ $success_count -gt 0 ]; then if [ "${success_count:-0}" -gt 0 ]; then
print_success "Successfully blocked $success_count IP(s) for $duration_text" print_success "Successfully blocked $success_count IP(s) for $duration_text"
echo "" echo ""
echo "These blocks will automatically expire after $duration_text" echo "These blocks will automatically expire after $duration_text"
@@ -3386,7 +3386,7 @@ apply_csf_blocks() {
echo "To remove a block early: csf -tr IP" echo "To remove a block early: csf -tr IP"
fi fi
if [ $fail_count -gt 0 ]; then if [ "${fail_count:-0}" -gt 0 ]; then
print_warning "$fail_count IP(s) failed to block - check CSF configuration" print_warning "$fail_count IP(s) failed to block - check CSF configuration"
fi fi
@@ -3431,14 +3431,14 @@ apply_csf_permanent_blocks() {
done done
echo "" echo ""
if [ $success_count -gt 0 ]; then if [ "${success_count:-0}" -gt 0 ]; then
print_success "Successfully blocked $success_count IP(s) permanently" print_success "Successfully blocked $success_count IP(s) permanently"
echo "" echo ""
echo "To view blocked IPs: csf -g" echo "To view blocked IPs: csf -g"
echo "To remove a block: csf -dr IP" echo "To remove a block: csf -dr IP"
fi fi
if [ $fail_count -gt 0 ]; then if [ "${fail_count:-0}" -gt 0 ]; then
print_warning "$fail_count IP(s) failed to block - check CSF configuration" print_warning "$fail_count IP(s) failed to block - check CSF configuration"
fi fi
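Review bot: The `${total_high_risk_ips:-0}` default on the `if` that opens the IP-blocking recommendation turns a failed or missing count into "no threats", so a broken pipeline upstream now silently yields no blocking recommendation instead of an error — for a tool whose output drives firewall blocks that is a fail-open default. The guard also covers only empty values; anything non-numeric (a captured error message, a multi-line count) still aborts `[` with the very "integer expression expected" the commit set out to remove, and the same holds for `wp_attacks` and `ddos_count` in the later hunks. Consider validating once where each count is produced and telling the operator when it is untrusted, e.g. `[[ "$total_high_risk_ips" =~ ^[0-9]+$ ]] || { print_warning "high-risk IP count unavailable - skipping block recommendation"; total_high_risk_ips=0; }`. generate_recommendations starts before this hunk, so the lines that compute these counters are not visible here.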
+15 -15
@@ -229,7 +229,7 @@ update_ip_intelligence() {
hits=$((hits + 1)) hits=$((hits + 1))
# Enrich with threat intelligence on first encounter (hits == 1) # Enrich with threat intelligence on first encounter (hits == 1)
if [ $hits -eq 1 ]; then if [ "${hits:-0}" -eq 1 ]; then
# Check if whitelisted first # Check if whitelisted first
if is_whitelisted_service "$ip" 2>/dev/null; then if is_whitelisted_service "$ip" 2>/dev/null; then
score=0 score=0
@@ -250,14 +250,14 @@ update_ip_intelligence() {
local current_data="${IP_DATA[$ip]}" local current_data="${IP_DATA[$ip]}"
IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data" IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data"
local new_score=$((old_score + 30)) local new_score=$((old_score + 30))
[ $new_score -gt 100 ] && new_score=100 [ "${new_score:-0}" -gt 100 ] && new_score=100
IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep" IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep"
elif [ "${abuse_conf:-0}" -ge 50 ]; then elif [ "${abuse_conf:-0}" -ge 50 ]; then
# Medium confidence - add 15 points # Medium confidence - add 15 points
local current_data="${IP_DATA[$ip]}" local current_data="${IP_DATA[$ip]}"
IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data" IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data"
local new_score=$((old_score + 15)) local new_score=$((old_score + 15))
[ $new_score -gt 100 ] && new_score=100 [ "${new_score:-0}" -gt 100 ] && new_score=100
IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep" IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep"
fi fi
@@ -266,7 +266,7 @@ update_ip_intelligence() {
local current_data="${IP_DATA[$ip]}" local current_data="${IP_DATA[$ip]}"
IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data" IFS='|' read -r old_score old_hits old_bot old_attacks old_ban old_rep <<< "$current_data"
local new_score=$((old_score + 5)) local new_score=$((old_score + 5))
[ $new_score -gt 100 ] && new_score=100 [ "${new_score:-0}" -gt 100 ] && new_score=100
IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep" IP_DATA[$ip]="$new_score|$old_hits|$old_bot|$old_attacks|$old_ban|$old_rep"
fi fi
) & ) &
@@ -316,11 +316,11 @@ update_ip_intelligence() {
fi fi
# Request volume scoring # Request volume scoring
if [ $hits -gt 100 ]; then if [ "${hits:-0}" -gt 100 ]; then
score=$((score + 5)) score=$((score + 5))
elif [ $hits -gt 50 ]; then elif [ "${hits:-0}" -gt 50 ]; then
score=$((score + 3)) score=$((score + 3))
elif [ $hits -gt 20 ]; then elif [ "${hits:-0}" -gt 20 ]; then
score=$((score + 1)) score=$((score + 1))
fi fi
@@ -329,7 +329,7 @@ update_ip_intelligence() {
legit|ai|monitor) legit|ai|monitor)
# Legitimate bots - reduce score # Legitimate bots - reduce score
score=$((score - 5)) score=$((score - 5))
[ $score -lt 0 ] && score=0 [ "${score:-0}" -lt 0 ] && score=0
;; ;;
suspicious) suspicious)
# Suspicious bots - increase score # Suspicious bots - increase score
@@ -338,7 +338,7 @@ update_ip_intelligence() {
esac esac
# Cap at 100 # Cap at 100
[ $score -gt 100 ] && score=100 [ "${score:-0}" -gt 100 ] && score=100
# Check if we're tracking too many IPs (memory protection) # Check if we're tracking too many IPs (memory protection)
if [ ${#IP_DATA[@]} -ge $MAX_TRACKED_IPS ]; then if [ ${#IP_DATA[@]} -ge $MAX_TRACKED_IPS ]; then
@@ -355,7 +355,7 @@ update_ip_intelligence() {
for remove_ip in "${to_remove[@]}"; do for remove_ip in "${to_remove[@]}"; do
unset IP_DATA[$remove_ip] unset IP_DATA[$remove_ip]
((removed++)) ((removed++))
[ $removed -ge 100 ] && break [ "${removed:-0}" -ge 100 ] && break
done done
fi fi
@@ -363,7 +363,7 @@ update_ip_intelligence() {
IP_DATA[$ip]="$score|$hits|$bot_type|$attacks|$ban_count|$rep_score" IP_DATA[$ip]="$score|$hits|$bot_type|$attacks|$ban_count|$rep_score"
# Update IP reputation DB in background (if score > 0) # Update IP reputation DB in background (if score > 0)
if [ $score -gt 0 ]; then if [ "${score:-0}" -gt 0 ]; then
(update_ip_reputation "$ip" 1 "$score" 0 "Live monitor: $new_attacks" >/dev/null 2>&1) & (update_ip_reputation "$ip" 1 "$score" 0 "Live monitor: $new_attacks" >/dev/null 2>&1) &
fi fi
} }
@@ -1239,7 +1239,7 @@ draw_quick_actions() {
fi fi
# Only show recommendation if something needs fixing # Only show recommendation if something needs fixing
if [ $needs_config -eq 1 ]; then if [ "${needs_config:-0}" -eq 1 ]; then
echo -e "${HIGH_COLOR} ⚠️ DDoS/SYN Flood Detected - Firewall Protection Recommended${NC}" echo -e "${HIGH_COLOR} ⚠️ DDoS/SYN Flood Detected - Firewall Protection Recommended${NC}"
echo -e "${MEDIUM_COLOR} → Press 'c' for Security Hardening menu${NC}" echo -e "${MEDIUM_COLOR} → Press 'c' for Security Hardening menu${NC}"
recommendations=1 recommendations=1
@@ -1267,7 +1267,7 @@ draw_quick_actions() {
fi fi
fi fi
if [ $recommendations -eq 0 ]; then if [ "${recommendations:-0}" -eq 0 ]; then
echo "" echo ""
fi fi
@@ -1374,7 +1374,7 @@ show_blocking_menu() {
echo "" echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "✓ Successfully blocked: $blocked IPs" echo "✓ Successfully blocked: $blocked IPs"
[ $failed -gt 0 ] && echo "✗ Failed to block: $failed IPs" [ "${failed:-0}" -gt 0 ] && echo "✗ Failed to block: $failed IPs"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
read -p "Press Enter to continue..." read -p "Press Enter to continue..."
elif [[ "$choice" =~ ^[0-9]+$ ]] && [ "$choice" -ge 1 ] && [ "$choice" -le ${#blockable_list[@]} ]; then elif [[ "$choice" =~ ^[0-9]+$ ]] && [ "$choice" -ge 1 ] && [ "$choice" -le ${#blockable_list[@]} ]; then
@@ -1514,7 +1514,7 @@ show_security_hardening_menu() {
((applied++)) ((applied++))
echo "" echo ""
if [ $applied -gt 0 ]; then if [ "${applied:-0}" -gt 0 ]; then
echo "✓ Applied $applied security fix(es)" echo "✓ Applied $applied security fix(es)"
else else
echo "✓ All security settings already optimized" echo "✓ All security settings already optimized"
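Review bot: The `${new_score:-0}` guards on the three cap lines in update_ip_intelligence are no-ops — `new_score` is assigned from `$(( ))` on the line directly above each one and is therefore always an integer; the unvalidated input is `old_score`, which is split out of `IP_DATA[$ip]` by the `read` two lines earlier. An empty `old_score` is harmlessly treated as 0 by the arithmetic, but a non-numeric one (a misaligned split if any stored field can carry a `|`, or a corrupted entry) is evaluated as a bash expression by `$((old_score + 30))`, which is the well-known arithmetic-injection path in shell. One check after the `read`, `[[ "$old_score" =~ ^[0-9]+$ ]] || old_score=0`, closes that for all three score bumps. In the same file the memory-protection test `[ ${#IP_DATA[@]} -ge $MAX_TRACKED_IPS ]` is left unquoted and unguarded right next to the fixed cap line; note that `:-0` would be the wrong default there, since it would evict on every call, so validate `MAX_TRACKED_IPS` once at startup instead. update_ip_intelligence begins and ends outside these hunks.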
+2 -2
@@ -430,7 +430,7 @@ sanitize_docroots() {
fi fi
done done
if [ $skip -eq 0 ]; then if [ "${skip:-0}" -eq 0 ]; then
sanitized_docroot+=("$docroot") sanitized_docroot+=("$docroot")
fi fi
done done
@@ -935,7 +935,7 @@ done
fi fi
done < <(sort -u "$INFECTED_LIST" | head -20) # Limit to first 20 files to avoid long processing done < <(sort -u "$INFECTED_LIST" | head -20) # Limit to first 20 files to avoid long processing
if [ $flagged_ips -gt 0 ]; then if [ "${flagged_ips:-0}" -gt 0 ]; then
echo "✓ Flagged $flagged_ips IPs in reputation database" echo "✓ Flagged $flagged_ips IPs in reputation database"
echo " (See $LOG_DIR/flagged_ips.log for details)" echo " (See $LOG_DIR/flagged_ips.log for details)"
else else
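Review bot: `${skip:-0}` in sanitize_docroots defaults an unset flag to "do not skip", so a docroot is accepted whenever `skip` has not been set — a fail-open default inside a sanitization routine. If `skip` is reset to 0 before the inner loop for every docroot (that initialization is outside the hunk) this is harmless today, but the default means any future loss of that initialization silently passes unfiltered paths through. Prefer the fail-closed form `if [ "${skip:-1}" -eq 0 ]; then`, or keep an explicit `skip=0` at the top of each iteration and, if the script runs under `set -u`, let that catch the missing case instead of masking it. sanitize_docroots starts before this hunk; the second hunk's `flagged_ips` report only affects output and is fine as is.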
+3 -3
@@ -808,7 +808,7 @@ main() {
AUTO_MODE=1 AUTO_MODE=1
fi fi
if [ $AUTO_MODE -eq 0 ]; then if [ "${AUTO_MODE:-0}" -eq 0 ]; then
clear clear
print_banner "CT_LIMIT Optimizer - Intelligent Connection Limit Calculator" print_banner "CT_LIMIT Optimizer - Intelligent Connection Limit Calculator"
echo "" echo ""
@@ -842,7 +842,7 @@ main() {
generate_recommendation generate_recommendation
# Apply automatically in auto mode, otherwise ask # Apply automatically in auto mode, otherwise ask
if [ $AUTO_MODE -eq 1 ]; then if [ "${AUTO_MODE:-0}" -eq 1 ]; then
# Extract balanced value from recommendation # Extract balanced value from recommendation
local balanced=$(grep "2. BALANCED" -A1 "$TEMP_ANALYSIS/recommendation.txt" | grep "CT_LIMIT" | grep -oE '[0-9]+') local balanced=$(grep "2. BALANCED" -A1 "$TEMP_ANALYSIS/recommendation.txt" | grep "CT_LIMIT" | grep -oE '[0-9]+')
@@ -876,7 +876,7 @@ main() {
fi fi
echo "" echo ""
if [ $AUTO_MODE -eq 0 ]; then if [ "${AUTO_MODE:-0}" -eq 0 ]; then
print_success "Analysis complete!" print_success "Analysis complete!"
fi fi
} }
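Review bot: Defaulting `AUTO_MODE` to 0 is the right direction (an unset flag falls back to the interactive path rather than to unattended application), but the value auto mode then applies is not validated: on the line after the `if`, `local balanced=$(grep ... | grep -oE '[0-9]+')` yields an empty string when the recommendation file has no matching line, and `local` masks the pipeline's exit status. The code that writes that value into the firewall config is outside the hunk, but applying an empty or zero CT_LIMIT unattended is dangerous (as I recall CSF treats CT_LIMIT=0 as disabled, which would remove the per-IP connection cap entirely). Split the declaration from the assignment and check the result before it is used, e.g. `[[ "$balanced" =~ ^[1-9][0-9]*$ ]] || { echo "No balanced CT_LIMIT found in recommendation - not applying" >&2; return 1; }`. main() begins before these hunks.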